Commit graph

163 commits

Author SHA1 Message Date
Zhaofeng Li
9251019723 nix_eval_jobs: Errors may not have an attribute name attached 2022-01-25 14:22:26 -08:00
Zhaofeng Li
c0107b21e0 General code cleanup 2022-01-25 14:22:26 -08:00
Paul Haerle
5b8971a0f4
eval.nix: expose nixosModules.deploymentOptions (#49)
Allow flake users to import .#nixosModules.deploymentOptions
into their flake, so that the same expression can be used for both,
.#colmena.$host as well as .#nixosConfiguration.$host, without the
latter complaining about undefined options in "deployment".
2022-01-23 10:06:41 -08:00
Zhaofeng Li
cf9a72a1d4 nix: Add initial nix-eval-job integration
A DrvSetEvaluator is able to evaluate attribute sets of derivations,
streaming results as they come in.
2022-01-22 17:50:53 -08:00
Zhaofeng Li
3e40e84e19 nix: Add NixExpression abstraction
This decouples expression generation from evaluation. `NixExpression`s
that evaluate to a set of derivations can be fed to `DrvSetEvaluator`s
which may be able to parallelize evaluation.
2022-01-22 17:50:53 -08:00
Zhaofeng Li
55ce6d078e Remove unused stuff 2022-01-22 17:50:53 -08:00
Zhaofeng Li
d3e556027f deployment: Move chunked mode into self-contained function 2022-01-21 00:45:12 -08:00
Zhaofeng Li
82361e5ea5 hive: Clean up, make way for nix-eval-jobs 2022-01-21 00:45:12 -08:00
Zhaofeng Li
3fa0dee6b0 hive: Convert derivations to drvPath in separate attribute
This is to make way for the nix-eval-jobs streaming evaluator.
2022-01-21 00:45:12 -08:00
Zhaofeng Li
abb74b9f49 Add EditorConfig rules, fix trailing whitespaces 2022-01-08 01:20:36 -08:00
Zhaofeng Li
deca292b53 Refactor NixOptions 2022-01-08 01:20:36 -08:00
Zhaofeng Li
31fd1e49ac Move nix::{NixResult, NixError} to error::{ColmenaResult, ColmenaError} 2022-01-08 01:20:36 -08:00
Zhaofeng Li
16ed9d8c66 Move nix::NixCommand to util::CommandExt 2022-01-08 01:20:36 -08:00
Zhaofeng Li
f92236da46 Refactor current profile detection 2022-01-08 01:20:36 -08:00
Zhaofeng Li
da7907c874 General code cleanup 2022-01-05 14:01:05 -08:00
Zhaofeng Li
f9fab83030 deployment: Remove useless Arc clones 2022-01-02 13:16:24 -08:00
Zhaofeng Li
7bf57fd1ad nix/node_filter: Forgot to add 2022-01-01 16:47:38 -08:00
Zhaofeng Li
98897bf4de Support building on target nodes
This partially addresses #33, and allows Colmena to be used more
easily on bandwidth-constrained hosts and macOS.

With `deployment.buildOnTarget = true;` deployment works fine from
macOS without designated builders, except when IFD is involved.
2022-01-01 16:41:35 -08:00
Zhaofeng Li
872f944743 eval.nix: Skip recursive type checking when cross-referencing configs through the nodes argument
This makes evaluation faster especially when `nodes` is heavily used in
the configuration (like in my auto-meshing setup). This matches the
behavior of Morph.
2022-01-01 16:41:35 -08:00
Zhaofeng Li
cdbb69617f eval.nix: Support specifying a list of configs 2022-01-01 16:41:35 -08:00
Zhaofeng Li
f9f4dd5f63 Remove another ugly toJSON hack 2022-01-01 16:41:35 -08:00
Zhaofeng Li
f809d3b21c nix/host: Always copy outputs to remote along with derivations when realizing
This prevents useless rebuilds when trying to realize a derivation on
a remote host. This code path isn't actually used by Colmena at the
moment.
2022-01-01 16:41:35 -08:00
Zhaofeng Li
2b652f7236 hive: Add another test for nixpkgs.system 2022-01-01 16:41:35 -08:00
Zhaofeng Li
8f77184d58 eval.nix: Inherit pkgs.system in evalConfig 2021-12-18 14:35:06 -08:00
Zhaofeng Li
bd4493da73 nix: Move eval.nix tests into /hive 2021-12-18 14:35:06 -08:00
Zhaofeng Li
31fc98cfa7 nix: Remove ugly toJSON hack
We now evaluate with --strict.
2021-12-07 23:13:31 -08:00
Zhaofeng Li
eebded1786 Build each node individually
Now nodes that take a long time to build won't bottleneck the
deployment of other nodes in the same chunk.

Fixes #47.
2021-12-07 23:13:31 -08:00
Zhaofeng Li
39f597f778 hive: Pass --read-write-mode to nix-instantiate --eval
This enables the use of IFD inside `meta` and node `deployment.*`
options, from which we obtain the values with `nix-instantiate --eval`.

Fixes #45.
2021-12-05 12:34:44 -08:00
Zhaofeng Li
7433661aed Add deployment.keys.<name>.name 2021-12-05 01:14:12 -08:00
Zhaofeng Li
0f8873027f utils: Don't panic in capture_stream 2021-12-05 01:14:12 -08:00
Zhaofeng Li
ddccad4fb9 eval.nix: Auto-call functors as well
This makes some very cursed setup work :P
2021-12-04 01:03:26 -08:00
Zhaofeng Li
064432f38e nix/deployment: Misc cleanup 2021-12-04 01:03:26 -08:00
Zhaofeng Li
a3e292d7fb nix: Another deployment parallelization oops 2021-12-03 00:06:17 -08:00
Zhaofeng Li
2bba64a002 nix: Fix deployment parallelization 2021-12-02 23:49:46 -08:00
Zhaofeng Li
a42e8c5bf0 Misc cleanup 2021-11-23 14:12:01 -08:00
Zhaofeng Li
ec51f5703f deployment: A few oops 2021-11-22 01:53:08 -08:00
Zhaofeng Li
572f77dbf5 A couple of fixes to progress output
Need to have some integration tests.
2021-11-21 16:02:45 -08:00
Zhaofeng Li
0cb3f8e968 Redesign deployment process (again)
We now ship Events from different parts of the deployment process
via a channel to a job monitor.
2021-11-21 00:11:37 -08:00
Zhaofeng Li
5c84134af3 Refactor node names 2021-11-20 23:34:52 -08:00
Zhaofeng Li
47ccc6c9c4 nix/info.rs: Update message about nixUnstable for 21.11 2021-11-18 15:41:02 -08:00
Zhaofeng Li
e5665775b2 Preserve elapsed time in store path listing after build
Fixes #36.
2021-11-18 01:38:58 -08:00
Zhaofeng Li
4497ef296e Add manual
We finally have some real documentation :)
2021-11-17 22:21:00 -08:00
Zhaofeng Li
1535857acc Also disallow pinning to a Nixpkgs lambda in Flakes
Somehow missed this one *shrugs*
2021-11-17 22:21:00 -08:00
Zhaofeng Li
006cb2c5ee eval.nix: Make the uninitialized nixpkgs error more informative 2021-11-16 21:01:40 -08:00
Zhaofeng Li
f7eb121260 Disallow uninitialized meta.nixpkgs in Flakes 2021-10-28 17:10:58 -07:00
Zhaofeng Li
765f42fa24 introspect: Support actually instantiating the expression 2021-10-28 14:09:35 -07:00
Zhaofeng Li
0e0a1e84f0 Make flake resolution (slightly) less terrible
Instead of using `path:` which always copies the entire directory,
we now try to resolve the Flake URI using `nix flake metadata` which
may give us a `git+file:`.
2021-10-25 23:38:10 -07:00
Zhaofeng Li
b48753239a hive.rs: Canonicalize flake path
Relative paths are no longer allowed in newer Nix versions.
2021-10-25 21:53:38 -07:00
Zhaofeng Li
6d6e33fcd4 nix: Remove unneeded ok() 2021-10-23 20:49:14 -07:00
Bjørn Forsman
4106a73e75 Allow selecting ssh user dynamically
...by setting `deployment.targetUser = null`.

This allows sharing a deployment file (hive.nix/flake.nix) between
multiple admins, without having to use a shared root account.
2021-10-23 15:06:56 +02:00
Zhaofeng Li
37b43cd6d7 eval.nix: Support autocall for hive configuration 2021-08-26 19:59:22 -07:00
Zhaofeng Li
7cc6552ee3 hive.rs: Remove unwrap in builder_args() 2021-08-26 19:59:22 -07:00
Zhaofeng Li
7b69946d98 Ensure key ownerships are set correctly
Depending on when keys are uploaded (`deployment.keys.<name>.uploadAt`):

`pre-activation`:
We set the ownerships in the uploader script opportunistically and
continue if the user/group does not exist. Then, in the activation
script, we set the ownerships of all pre-activation keys.

`post-activation`:
We set the ownerships in the uploader script and fail if the
user/group does not exist.

The ownerships will be correct regardless of which mode is in use.

Fixes #23. Also a more complete solution to #10.
2021-08-26 12:54:41 -07:00
Zhaofeng Li
24339bcca7 Add deployment.keys.<name>.uploadAt
This mirrors the functionality recently added in morph and allows
for the uploading of keys after system profile activation.

Fixes #10.
2021-08-24 23:25:46 -07:00
Zhaofeng Li
135a42b20f eval.nix: Add meta.specialArgs 2021-07-16 22:52:23 -07:00
Zhaofeng Li
671cf38796 hive.rs: Pass --builders to nix-instantiate as well 2021-07-13 01:38:52 -07:00
Zhaofeng Li
67db0e73d1 Add check for Flakes support 2021-06-29 01:02:43 -07:00
Zhaofeng Li
e50ba82bf2 Add basic Flakes support
Co-authored-by: Alex Zero <joseph@marsden.space>
2021-06-29 01:02:43 -07:00
Zhaofeng Li
22ae18f5e7 Exit with non-zero code if any node fails to deploy
The exit codes are in flux and should not be relied upon.

Fixes #28.
2021-05-24 00:15:38 -07:00
Zhaofeng Li
960af8f793 Add deployment.privilegeEscalationCommand
This adds a NixOps-equivalent option for non-root deployment
on remote hosts.

Fixes #27.
2021-05-24 00:15:38 -07:00
Zhaofeng Li
39d612a5e7 ssh: Remove dead code 2021-05-24 00:15:38 -07:00
Zhaofeng Li
99ba8db335
Merge pull request #21 from jasonrm/machines-file
eval.nix: Adds meta.machinesFile option that is passed to Nix as builder option
2021-05-07 16:25:36 -07:00
Zhaofeng Li
16ccdbc700 Better handling of killed processes 2021-04-28 15:09:40 -07:00
Zhaofeng Li
44b421c2c7 key.rs: Fix typo (user -> group)
Fixes #22.
2021-04-19 15:40:19 -07:00
Jason R. McNeil
3ee97c2a76 apply: Add deployment.replaceUnknownProfiles option and --force-replace-unknown-profiles switch
If `deployment.replaceUnknownProfiles` is set to false, a diverged hive
config (in a shared git repo for example) won't result in accidentally
undoing another applied configuration profile.

The deployment option is set to true so that fiction is minimized from
aggressive garbage collection, first time profile application and low
contention hives.
2021-04-10 13:42:38 -07:00
Jason R. McNeil
e0465567b2 eval.nix: Adds meta.machinesFile option that is passed to Nix as builders argument 2021-04-09 23:54:13 -07:00
Zhaofeng Li
8abcd5d53b "Successfully built" -> "Build successful" for consistency 2021-03-18 15:13:34 -07:00
Zhaofeng Li
b44dd1f877 apply_local: Don't bother evaluating other hosts 2021-03-18 15:05:05 -07:00
Zhaofeng Li
e9487ced9e host: Use the key uploader script for both SSH and local 2021-03-17 22:39:05 -07:00
Zhaofeng Li
610a725ba2 Add --keep-result to create GC roots for profiles
This resembles the behavior of morph.

Reference: #18
2021-03-17 14:59:57 -07:00
Zhaofeng Li
81375e71b2 deployment: Display the resulting paths if the goal is to build only
Reference: #18
2021-03-17 14:59:43 -07:00
Jason R. McNeil
4098bf73bc Makes SSH options available to nix-copy-closure 2021-03-14 22:20:47 -07:00
Zhaofeng Li
082a033443 eval.nix: Exclude internal Nixpkgs config options from node override warning 2021-02-17 23:06:22 -08:00
Zhaofeng Li
e32e130621 Always print the entire log for failures in eval and build
This makes it easier to debug configuration issues without -v.

Fixes #14.
2021-02-17 22:48:26 -08:00
Zhaofeng Li
d16a13654c Merge nixpkgs.config and nixpkgs.overlays
This replaces #12, and allows for Nixpkgs overlays and config to be overridden
in machine configs. With #12, overlays set in machine configurations
(`nixpkgs.overlays`) get silently ignored.
2021-02-17 22:46:01 -08:00
Zhaofeng Li
9eae937b42 apply: Disable configuration of build process limit 2021-02-17 08:09:15 -08:00
Justinas Stankevicius
10f98d715f Propagate same 'pkgs' to all modules 2021-02-16 20:53:43 +02:00
Zhaofeng Li
30dc352eb9 eval.nix: Add type checking to meta/network
Primarily to make the evaluation error out if the configuration
tries to use non-existent options (e.g., pinning Nixpkgs with
morph-specific options).
2021-02-12 14:52:09 -08:00
Zhaofeng Li
d0bba90d04 ssh: Fix shell escaping
The previous `sh -c` invocation was incorrect and just happened
to work on hosts with a Bourne-compatible shell set as the login
shell. Commands in the deploy script were being executed in the
login shell.
2021-02-12 13:55:44 -08:00
Zhaofeng Li
95ddbcbfd6 ssh/deploy-key: Skip chown if the user/group doesn't exist
This matches the behavior of NixOps.

Potential solution to #10.
2021-02-12 13:54:17 -08:00
Zhaofeng Li
dbd66d7c7c Add initial set of tests 2021-02-11 13:27:21 -08:00
Justinas Stankevicius
4c7f8eb838 keyCommand: on error, do not upload key, report 2021-02-11 21:16:56 +02:00
Zhaofeng Li
e49e9367c0 key: Serialize KeySource through an intermediate struct
Well, still better than `if/else`-ing all the way. Also we
definitely need unit tests.

See #8.
2021-02-11 00:51:11 -08:00
Zhaofeng Li
2886662e18 nix: Key names can contain one path component only
Well, I changed my mind and this should be cleaner.
2021-02-10 18:17:55 -08:00
Zhaofeng Li
52622ecd27 Add 'deployment.keys.<key>.keyCommand' support
Fixes #3.
2021-02-10 18:08:47 -08:00
Zhaofeng Li
ce9f639a53 key: Make the key source better typed 2021-02-10 17:34:52 -08:00
Zhaofeng Li
62753ea138 progress: Let's just call them "tasks" instead of "processes"... 2021-02-10 17:20:49 -08:00
Zhaofeng Li
9d59a6a288
Merge pull request #5 from justinas/keys-keyfile
Add 'deployment.keys.<key>.keyFile' option
2021-02-10 17:20:28 -08:00
Justinas Stankevicius
d90fc56bc3 Implement key upload from local file 2021-02-10 20:37:54 +02:00
Justinas Stankevicius
f521f19629 Add deployment.keys.<key>.keyFile option 2021-02-10 20:37:54 +02:00
Zhaofeng Li
afabd8c6f9 Minor tokio cleanup 2021-02-10 10:29:17 -08:00
Zhaofeng Li
9f4d5a2221 Target stable toolchain 2021-02-10 00:41:02 -08:00
Zhaofeng Li
78a6825be6 Add exec command 2021-02-09 22:07:10 -08:00
Zhaofeng Li
1c9e7cdb83 Allow customization of SSH configurations 2021-02-09 21:02:00 -08:00
Zhaofeng Li
a2fa8f1da7 Clean up logging / progress display 2021-02-09 19:28:45 -08:00
Zhaofeng Li
8934726664 More fixes to key deployment and logging 2021-02-09 14:57:11 -08:00
Zhaofeng Li
84aa165aef Refactoring and deployment.keys implementation
More refactoring of the deployment process, as well as an initial
implementation of `deployment.keys`.

Fixes #2.
2021-02-08 19:00:29 -08:00
Zhaofeng Li
21c2bef3ad Small fixes to eval logging 2021-02-05 02:20:57 -08:00
Zhaofeng Li
6e909477ae nix/deployment: Well, that's an embarrassing typo... 2021-01-29 21:24:05 -08:00
Zhaofeng Li
68ecb095b8 nix: Small fixes to logging 2021-01-28 23:58:54 -08:00